Penalty for failure to delete data
A Czech private individual had requested a website operator to delete personal data. The right to do so arises from Article 17 of the General Data Protection Regulation. However, the company ignored the data subject’s request and did not delete the data.
Following a complaint to the supervisory authority, proceedings were initiated against the company. As a result, the company was ordered to pay a fine of 10,000 crowns and delete the data.
The rights of data subjects are being used by more and more private individuals to obtain data information or to have data deleted. Already several times there were penalties after the companies ignored the requests. However, due to the low-threshold right of complaint to the data protection authority, the companies concerned must assume that an ignored request will lead to an investigation by the data protection authority.
Especially in large companies, data disclosure is not a question of will, but rather complex due to the various systems. Responding within one month leaves little room for maneuver. Therefore, companies should already deal with the automation of affected party requests in advance.
Art des Verstoßes:
violated rights of the data subject
Waren sensible Daten betroffen?: